A firewall is a network security device that monitors incoming and outgoing traffic and decides whether to allow or block specific traffic based on a set of predefined security rules.
Firewalls have been the first line of defense for networks for over 25 years. They create a barrier between trusted, controlled internal networks and untrusted external networks such as the Internet.
A firewall can be physical equipment, software, or a combination of both.
Types of firewalls
Proxy firewall
One of the earliest firewall types, the proxy firewall acts as a gateway between two networks for a specific application. Proxy servers can provide additional functionality, such as content caching or protection, by preventing direct connections from outside the network. However, this can affect throughput and limit which applications are supported.
Stateful inspection firewall
Now considered a “classic” firewall, the stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are based on both the rules defined by the administrator and context, meaning information from previous connections and from packets belonging to the same connection.
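The stateful behavior described above, as an added example that is not part of the original page: a minimal connection tracker that lets an outbound connection open only if a rule permits it, and accepts inbound packets only when they belong to a tracked connection. The internal prefix, allowed ports, simplified flag strings and sample packets are all constructed assumptions.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."         # assumed internal network (constructed)
ALLOWED_OUTBOUND_PORTS = {80, 443}  # assumed administrator rule (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: "S", "SA", "A", "F", "R"

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> connection state

    def filter(self, p):
        outbound = p.src.startswith(INTERNAL_PREFIX)
        # Both directions of one connection map to the same table key.
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            # No context yet: only a rule-permitted outbound SYN may open a connection.
            if outbound and p.flags == "S" and p.dport in ALLOWED_OUTBOUND_PORTS:
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "BLOCK"
        if state == "SYN_SENT":
            # Only the server's SYN-ACK completes the opening.
            if not outbound and p.flags == "SA":
                self.table[key] = "ESTABLISHED"
                return "ALLOW"
            return "BLOCK"
        if p.flags in ("F", "R"):
            # Simplification: real trackers follow the full teardown and use timeouts.
            del self.table[key]
            return "ALLOW"
        return "ALLOW" if p.flags == "A" else "BLOCK"

def run_demo():
    fw, c, s, x = StatefulFirewall(), "10.0.0.7", "198.51.100.10", "203.0.113.5"
    packets = [Packet(x, 4444, c, 22, "S"), Packet(c, 50000, s, 443, "S"),
               Packet(s, 443, c, 50000, "SA"), Packet(c, 50000, s, 443, "A"),
               Packet(x, 443, c, 50000, "A"), Packet(c, 50000, s, 443, "F"),
               Packet(s, 443, c, 50000, "A")]  # constructed sample traffic
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```

The fifth and seventh packets carry the same flags as legitimate return traffic but are blocked because no matching open connection exists in the state table.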
Unified threat management (UTM) firewall
A unified threat management firewall partially combines the functions of a stateful inspection firewall with those of intrusion prevention and antivirus. It can also support additional services and often integrates cloud management. This type of firewall focuses on simplicity and ease of use.
Next-Generation Firewalls (NGFW)
Firewalls have evolved to go beyond simple packet filtering and stateful inspection. Many companies are deploying next-generation firewalls to block the latest threats such as advanced malware and application-layer attacks.
As defined by Gartner, Inc., a next-generation firewall must include:
- Standard firewall capabilities, such as stateful inspection
- Integrated intrusion prevention
- Application awareness and control to detect and block applications that present a risk
- Upgrade paths to include future information feeds
- Techniques for coping with evolving security threats
These capabilities are increasingly becoming the norm for the enterprise, but next-generation firewalls can do even more.
Next-generation threat-focused firewalls
These firewalls provide all of the functionality of traditional next-generation firewalls while providing advanced threat detection and removal features. With a next-generation threat-focused firewall, you can:
- Know which resources are most at risk, thanks to complete awareness of the context
- Respond quickly to attacks with intelligent automation of protection systems that dynamically define policies and strengthen your defenses
- Better detect stealthy or suspicious activity by correlating events at the network and endpoint level
- Significantly reduce the time between detection and cleanup with retrospective security functions that continuously monitor activity and behavior, even after the initial inspection
- Simplify administration and reduce complexity with unified policies that protect you throughout the attack cycle